NTP abused to pull off Denial of Service attacks
Attackers who took down a number of well-known game sites apparently abused the Network Time Protocol (NTP) in order to pull off a redirection attack. As reported by Ars Technica, an attack group known as DERP Trolling sent spoofed NTP requests to time-synchronization servers. Each eight-byte request resulted in a 468-byte response being sent to the victim, effectively giving attackers the ability to deliver a substantial amount of network traffic to swamp their victims.
According to Shawn Marck, CEO of DoS-mitigation service Black Lotus, DoS attacks conducted using NTP were almost unheard of prior to December last year. Yet NTP reflection attacks accounted for 69 percent of all DoS attack traffic volume in the first week of the year, and clocked in with an average attack size of about 7.3 gigabits per second.
Fortunately, stopping an NTP reflection attack in its tracks is relatively straightforward because such attacks are easy to identify. One way to blunt the effects of an ongoing NTP attack is to limit the amount of NTP traffic that is allowed to enter the network, suggested Marck. Alternatively, businesses can implement a large-scale DDoS mitigation system, or adopt a service-based approach with several gigabits of standby capacity on hand in the event of a DDoS attack.
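The traffic-limiting approach described above, as an added example that is not from the article or from Black Lotus: a token-bucket policer caps inbound UDP traffic arriving from source port 123 and leaves everything else alone. The packet records, the 64 kbit/s rate and the 2000-byte burst are constructed values chosen for illustration.

```python
from dataclasses import dataclass

NTP_PORT = 123  # NTP uses UDP port 123; reflected replies arrive FROM this port

@dataclass
class Packet:
    ts: float      # arrival time in seconds
    proto: str     # "udp" or "tcp"
    src_port: int
    size: int      # payload bytes

class NtpPolicer:
    """Token bucket applied only to inbound UDP packets with source port 123."""
    def __init__(self, rate_bps: int, burst_bytes: int):
        self.rate = rate_bps / 8.0        # refill rate, bytes per second
        self.burst = float(burst_bytes)   # bucket depth (assumed value)
        self.tokens = self.burst
        self.last = None

    def allow(self, pkt: Packet) -> bool:
        if pkt.proto != "udp" or pkt.src_port != NTP_PORT:
            return True                   # not NTP: never policed here
        if self.last is not None:
            refill = (pkt.ts - self.last) * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last = pkt.ts
        if pkt.size > self.tokens:
            return False                  # over the NTP budget: drop
        self.tokens -= pkt.size
        return True

def simulate(packets, policer):
    stats = {"ntp_passed": 0, "ntp_passed_bytes": 0, "ntp_dropped": 0, "other_passed": 0}
    for pkt in sorted(packets, key=lambda p: p.ts):
        ok = policer.allow(pkt)
        if not (pkt.proto == "udp" and pkt.src_port == NTP_PORT):
            stats["other_passed"] += int(ok)
        elif ok:
            stats["ntp_passed"] += 1
            stats["ntp_passed_bytes"] += pkt.size
        else:
            stats["ntp_dropped"] += 1
    return stats

def sample_traffic():
    """Constructed one-second capture: one normal reply, a flood, and web traffic."""
    pkts = [Packet(0.0, "udp", NTP_PORT, 48)]                                 # ordinary NTP reply
    pkts += [Packet(i / 1000, "udp", NTP_PORT, 468) for i in range(1, 1001)]  # 468-byte replies
    pkts += [Packet(i / 200, "tcp", 443, 1400) for i in range(200)]           # unrelated HTTPS
    return pkts

if __name__ == "__main__":
    print(simulate(sample_traffic(), NtpPolicer(rate_bps=64_000, burst_bytes=2000)))
```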